pkcs15-init: documented remaining commandline switches

fixes https://github.com/OpenSC/OpenSC/issues/1267
Frank Morgner 2018-05-04 23:22:45 +02:00
parent 318329d5b7
commit 99eed0aa82
19 changed files with 938 additions and 215 deletions


@ -2,8 +2,7 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
EXTRA_DIST = completion-template
# TODO XXX Uncomment after fixing issue #1267
#TESTS = test-manpage.sh
TESTS = test-manpage.sh
dist_noinst_DATA = $(wildcard $(srcdir)/*.xml)
if ENABLE_DOC


@ -59,8 +59,14 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
<option>--reader</option> <replaceable>number</replaceable>,
<option>-r</option> <replaceable>number</replaceable>
</term>
<listitem><para>Specify the reader number <replaceable>number</replaceable> to use.
The default is reader <literal>0</literal>.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -134,9 +134,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>Forces <command>cryptoflex-tool</command> to use
reader number <replaceable>num</replaceable> for operations. The default
is to use reader number 0, the first reader in the system.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>


@ -86,8 +86,14 @@
<option>--reader</option> <replaceable>number</replaceable>,
<option>-r</option> <replaceable>number</replaceable>
</term>
<listitem><para>Specify the reader <replaceable>number</replaceable> to use.
The default is reader 0.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -69,9 +69,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>
Use the given reader. The default is the first reader with a card.
</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>


@ -82,8 +82,14 @@
<option>--reader</option> <replaceable>argument</replaceable>,
<option>-r</option> <replaceable>argument</replaceable>
</term>
<listitem><para>Uses reader number
<replaceable>argument</replaceable>.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -36,8 +36,14 @@
<term>
<option>--reader</option> <replaceable>number</replaceable>,
</term>
<listitem><para>Specify the reader number <replaceable>number</replaceable> to use.
The default is reader <literal>0</literal>.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -74,7 +74,14 @@
<option>--reader</option> <replaceable>number</replaceable>,
<option>-r</option> <replaceable>number</replaceable>
</term>
<listitem><para>Use smart card in specified reader. Default is reader 0.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -91,9 +91,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>
Use the given reader. The default is the first reader with a card.
</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>


@ -68,10 +68,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>
Use the given reader number. The default
is 0, the first reader in the system.
</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -115,8 +115,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>Use the given reader number.
The default is <literal>0</literal>, the first reader in the system.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -154,8 +154,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>Use the given reader number. The default is
<literal>0</literal>, the first reader in the system.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>


@ -132,10 +132,14 @@
<option>--reader</option> <replaceable>N</replaceable>,
<option>-r</option> <replaceable>N</replaceable>
</term>
<listitem><para>Selects the <replaceable>N</replaceable>-th smart
card reader configured by the system. If unspecified,
<command>pkcs15-crypt</command> will use the first reader
found.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>


@ -287,6 +287,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--serial</option> <replaceable>SERIAL</replaceable>
</term>
<listitem>
<para>
Specify the serial number of the card.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--erase-card</option>,
@ -301,6 +312,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--erase-application</option> <replaceable>AID</replaceable>
</term>
<listitem>
<para>
This will erase the application with the application identifier
<replaceable>AID</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--generate-key</option> <replaceable>keyspec</replaceable>,
@ -334,8 +357,8 @@
contain one long option per line, without the leading dashes,
for instance:
<programlisting>
pin frank
puk zappa
pin 1234
puk 87654321
</programlisting>
</para>
<para>
@ -369,6 +392,17 @@ puk zappa
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--no-so-pin</option>,
</term>
<listitem>
<para>
Do not install a SO PIN, and do not prompt for it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--profile</option> <replaceable>name</replaceable>,
@ -430,6 +464,18 @@ puk zappa
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--store-pin</option>,
<option>-P</option>
</term>
<listitem>
<para>
Store a new PIN/PUK on the card.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--store-public-key</option> <replaceable>filename</replaceable>
@ -478,6 +524,8 @@ puk zappa
secret key to the card. The file is assumed to contain the raw key.
They key type should be specified with <option>--secret-key-algorithm</option>
option.
</para>
<para>
You may additionally specify the key ID along with this command,
using the <option>--id</option> option, otherwise a random ID is generated.
For the multi-application cards the target PKCS#15 application can be
@ -486,6 +534,18 @@ puk zappa
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--store-data</option> <replaceable>filename</replaceable>,
<option>-W</option> <replaceable>filename</replaceable>
</term>
<listitem>
<para>
Store a data object.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--update-certificate</option> <replaceable>filename</replaceable>,
@ -495,7 +555,7 @@ puk zappa
<para>
Tells <command>pkcs15-init</command> to update the certificate
object with the ID specified via the <option>--id</option> option
with the certificate in <option>filename</option>.
with the certificate in <replaceable>filename</replaceable>.
The file is assumed to contain a PEM encoded certificate.
</para>
<para>Pay extra attention when updating mail decryption certificates, as
@ -504,6 +564,57 @@ puk zappa
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--delete-objects</option> <replaceable>arg</replaceable>,
<option>-D</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Tells <command>pkcs15-init</command> to delete the
specified object. <replaceable>arg</replaceable>
is comma-separated list containing any of
<literal>privkey</literal>, <literal>pubkey</literal>,
<literal>secrkey</literal>, <literal>cert</literal>,
<literal>chain</literal> or <literal>data</literal>.
</para>
<para>
When <literal>data</literal> is specified, an
-<option>--application-id</option> must also be
specified, in the other cases an
<option>--id</option> must also be specified
</para>
<para>
When <literal>chain</literal> is specified, the
certificate chain starting with the cert with
specified ID will be deleted, until there's a CA
certificate that certifies another cert on the card
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--change-attributes</option> <replaceable>arg</replaceable>,
<option>-A</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Tells <command>pkcs15-init</command> to change the
specified attribute. <replaceable>arg</replaceable>
is either <literal>privkey</literal>,
<literal>pubkey</literal>, <literal>secrkey</literal>,
<literal>cert</literal> or <literal>data</literal>.
You also have to specify the <option>--id</option>
of the object.
For now, you can only change the <option>--label</option>, e.g:
<programlisting>
pkcs15-init -A cert --id 45 -a 1 --label Jim
</programlisting>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--use-default-transport-keys</option>,
@ -517,6 +628,35 @@ puk zappa
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--sanity-check</option>,
<option>-T</option>
</term>
<listitem>
<para>
Tells <command>pkcs15-init</command> to perform a
card specific sanity check and possibly update
procedure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--verbose</option>,
@ -546,6 +686,227 @@ puk zappa
<listitem><para>Do not prompt the user; if no PINs supplied, pinpad will be used.</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>--puk-id</option> <replaceable>ID</replaceable>
</term>
<listitem>
<para>
Specify ID of PUK to use/create
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--puk-label</option> <replaceable>LABEL</replaceable>
</term>
<listitem>
<para>
Specify label of PUK
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--public-key-label</option> <replaceable>LABEL</replaceable>
</term>
<listitem>
<para>
Specify public key label (use with <option>--generate-key</option>)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--cert-label</option> <replaceable>LABEL</replaceable>
</term>
<listitem>
<para>
Specify user cert label (use with <option>--store-private-key</option>)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--application-name</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify application name of data object (use with <option>--store-data-object</option>)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--aid</option> <replaceable>AID</replaceable>
</term>
<listitem>
<para>
Specify AID of the on-card PKCS#15 application to be binded to (in hexadecimal form)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--output-file</option> <replaceable>filename</replaceable>
<option>-o</option> <replaceable>filename</replaceable>,
</term>
<listitem>
<para>
Output public portion of generated key to file
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--passphrase</option> <replaceable>PASSPHRASE</replaceable>
</term>
<listitem>
<para>
Specify passphrase for unlocking secret key
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--authority</option>
</term>
<listitem>
<para>
Mark certificate as a CA certificate
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--key-usage</option> <replaceable>arg</replaceable>
<option>-u</option> <replaceable>arg</replaceable>,
</term>
<listitem>
<para>
Specifies the X.509 key usage.
<replaceable>arg</replaceable> is comma-separated
list containing any of
<literal>digitalSignature</literal>,
<literal>nonRepudiation</literal>,
<literal>keyEncipherment</literal>,
<literal>dataEncipherment</literal>,
<literal>keyAgreement</literal>,
<literal>keyCertSign</literal>,
<literal>cRLSign</literal>. Abbreviated names are
allowed if unique (e.g.
<literal>dataEnc</literal>).
</para>
<para>
The alias <literal>sign</literal> is equivalent to
<literal>digitalSignature,keyCertSign,cRLSign</literal>
</para>
<para>
The alias <literal>decrypt</literal> is equivalent to
<literal>keyEncipherment,dataEncipherment</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--finalize</option>
<option>-F</option>,
</term>
<listitem>
<para>
Finish initialization phase of the smart card
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--update-last-update</option>
</term>
<listitem>
<para>
Update 'lastUpdate' attribute of tokenInfo
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--ignore-ca-certificates</option>
</term>
<listitem>
<para>
When storing PKCS#12 ignore CA certificates
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--update-existing</option>
</term>
<listitem>
<para>
Store or update existing certificate
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--extractable</option>
</term>
<listitem>
<para>
Private key stored as an extractable key
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--insecure</option>
</term>
<listitem>
<para>
Insecure mode: do not require a PIN for private key
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--md-container-guid</option> <replaceable>GUID</replaceable>
</term>
<listitem>
<para>
For a new key specify GUID for a MD container
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--help</option>
<option>-h</option>,
</term>
<listitem>
<para>
Display help message
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>


@ -280,9 +280,14 @@
<term>
<option>--reader</option> <replaceable>num</replaceable>
</term>
<listitem><para>Forces <command>pkcs15-tool</command> to use reader
number <replaceable>num</replaceable> for operations. The default is to use
reader number 0, the first reader in the system.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>


@ -204,8 +204,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>Use the given reader number. The default is
<literal>0</literal>, the first reader in the system.</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>



@ -151,9 +151,14 @@
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
</term>
<listitem><para>
Use the given reader. The default is the first reader with a card.
</para></listitem>
<listitem>
<para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
</varlistentry>
<varlistentry>

View File

@ -2574,7 +2574,7 @@ parse_objects(const char *list, unsigned int action)
}
}
if (del_flags[n].name == NULL) {
fprintf(stderr, "Unknown argument for --delete_objects: %.*s\n", len, list);
fprintf(stderr, "Unknown argument for --delete-objects: %.*s\n", len, list);
exit(0);
}
list += len;
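Review bot: The unknown-argument branch still ends in `exit(0)` right after the corrected message, so a mistyped object name makes the tool report success to the calling shell. A provisioning script that relies on the exit status would then assume the requested objects were handled when nothing was parsed; a non-zero status such as `exit(1);` lets callers detect the failure. The message also hard-codes `--delete-objects` although `parse_objects` takes an `action` parameter; if the same parser also serves `--change-attributes` (not visible here), the text would name the wrong switch and should be derived from `action`. The body of `parse_objects` starts and ends outside this hunk, so the type of `len` passed to `%.*s` (which must be `int`) cannot be confirmed from here.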